New phishing scam targets Android devs with fake violation warning

Android devs beware. Screenshot: Cult of Android

If you’re an Android developer, nothing makes you panic quite like a term violation email from Google that threatens to pull your app from the Play Store. It’s even more worrying when it turns out to be a complete fake designed to steal your Google login credentials.

AndroidPolice reports that there’s a new phishing scam doing the rounds that specifically targets Android developers with a term violation warning. It scares you into thinking that your app is going to be pulled in three days if you don’t update its Play Store description.

The email provides a link that’ll take you to a page resembling Google’s Developer Console, but if you attempt to sign in, it’ll send your email address and password off to scammers.

What makes this phishing scam more concerning than most is that the scammers have put some effort into it, and it’s not immediately obvious that it’s a scam.

The not-so-obvious phishing email. Screenshot: Tommie Podzemski

For instance, the email states the name and package ID of the app in question, and it contains no spelling mistakes — normally a dead giveaway of a phishing email. What’s more, the scammers have purposely used a long email address, which gets cut off in Gmail.

All you see when you open the email is “noreply-developer-goo.” It’s only when you click on the address to see the whole thing that you realize it’s not genuine — “email hidden; JavaScript is required.” Notice the extra ‘o’ in Google?

If you’re an Android developer and you receive an email like this, be sure to check the email address before clicking on any links. You can also double-check the URL of the Developer Console to ensure it’s genuine, or better yet, type it in yourself so you know you’re visiting the real thing.
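The sender check described above can also be automated in a mail filter or triage script. The following is an added example, not code from the original article: it reads the full address from the From: header rather than the truncated display, then flags domains that are not on an allow-list but contain a label within one edit of the brand name. The allow-list, the brand list and all sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: adjust to the senders you actually expect.
TRUSTED_DOMAINS = {"google.com"}
BRAND_LABELS = {"google"}


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header, max_distance=1):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return "unknown"
    # Exact domain or a true subdomain of a trusted domain.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Untrusted domain: look at every label, and every hyphen-separated
    # piece of a label, for an exact or near match to a brand name.
    pieces = [p for label in domain.split(".") for p in label.split("-") if p]
    for piece in pieces:
        if any(edit_distance(piece, b) <= max_distance for b in BRAND_LABELS):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from the real campaign.
    samples = [
        "Google Play <noreply-developer@google.com>",
        "Google Play <noreply-developer-console-team@gooogle.example>",
        "Newsletter <news@example.org>",
    ]
    for s in samples:
        print(classify_sender(s), "<-", s)
```

A "lookalike" result is a reason to inspect the message by hand, not proof of phishing, and a "trusted" result says nothing about whether the From: header itself was spoofed.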